sweet lady, posted 21 July 2009
I have this problem: after I start the browser, pages with ads or pornography pop up on their own. I have pop-up windows blocked. I don't know what it could be. I use Mozilla, but it also happens in Internet Explorer. I scanned the computer and nothing was detected. Apparently I've caught some rootkit, but how do I get rid of it if I can't detect it? What should I do?
Dalik, comment, 21 July 2009
And what exactly did you scan it with? Because you can scan and you can "scan" - never base a diagnosis on a single program.
sweet lady (Author), comment, 21 July 2009
Log from HijackThis:
And the log from Combo (which I had some problems with, but I think what I'm posting here is correct):
UDP:c:\users\A\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin"{5B3A1EFA-2A8A-4454-89B5-EEDA948E338B}"= TCP:c:\users\A\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin"{A7CAE105-D1D6-433D-829D-B38608FF46C8}"= UDP:c:\users\A\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin"{F0E79B4D-5389-465F-9858-F0EFB8ABCC22}"= TCP:c:\users\A\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin"{E4287B72-97C8-4911-BE21-39F729FEA656}"= c:\program files\Skype\Phone\Skype.exe:Skype"{71E48A22-DD7E-4EDF-BA5B-5BBF884C905C}"= c:\program files\Skype\Phone\Skype.exe:Skype"{C427EE62-7EDF-418E-A710-2B17A6375FAA}"= c:\program files\Skype\Phone\Skype.exe:Skype"{395B5C05-9CEE-42E0-A784-7B15B7A246E3}"= c:\program files\Skype\Phone\Skype.exe:Skype"{2832ACB3-A963-4A22-A988-8C2DB3222CC3}"= c:\program files\Skype\Phone\Skype.exe:Skype"{2385D4C3-F54D-48C5-99FE-E91664733C18}"= c:\program files\Skype\Phone\Skype.exe:Skype"{A23C4640-58E6-4F09-A753-D2FC90693608}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player "{8A4E75B8-9B05-4709-99DE-2ABCC55086A9}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player "{9E4D1605-2793-4365-9BE5-B02DF50AE169}"= c:\program files\Skype\Phone\Skype.exe:Skype"{5A2FB70A-419E-4CCE-B483-57FFF5D167CF}"= c:\program files\Skype\Phone\Skype.exe:Skype"{612DD1DA-C588-42C2-B334-8AB973E411B0}"= c:\program files\Skype\Phone\Skype.exe:Skype"{E7E3EF3E-F5E5-46B9-B880-4255340C41CB}"= c:\program files\Skype\Phone\Skype.exe:Skype"{1C212FE1-5DD2-4D6D-B78E-38A550EC0E72}"= c:\program files\Skype\Phone\Skype.exe:Skype"{968599BA-D23C-4F1E-94D0-8AE5E61CD95E}"= c:\program files\Skype\Phone\Skype.exe:Skype"{131D1AFB-A8D9-4A34-9EEC-E0F0DF0440A2}"= c:\program files\Skype\Phone\Skype.exe:Skype"{AB5CED8A-85A5-43D4-850C-637E1DC563EF}"= c:\program files\Skype\Phone\Skype.exe:Skype"{059DBC49-1612-484C-BCBF-1DD5666048AB}"= 
c:\program files\Skype\Phone\Skype.exe:Skype"{F72E4FC9-7C70-4512-A200-86F42A0A47A7}"= c:\program files\Skype\Phone\Skype.exe:Skype"{2F50B4B2-37DD-421B-B45C-E86AF8302BD5}"= c:\program files\Skype\Phone\Skype.exe:Skype"{F7F15D8E-6670-4AD7-A539-5B8EE391922B}"= c:\program files\Skype\Phone\Skype.exe:Skype"{FABB7455-8006-4E49-B48B-27AEEAA6AD58}"= c:\program files\Skype\Phone\Skype.exe:Skype"{98102A2D-5D6A-4583-98B5-744DFBAD6918}"= c:\program files\Skype\Phone\Skype.exe:SkypeR1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [13/03/2009 12:16 114768]R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [13/03/2009 12:16 20560]R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [13/03/2009 12:16 51792]R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [03/09/2006 19:32 208896]R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [13/03/2009 12:03 1153368]S2 gupdate1c9ba161de806d0;Google Update Service (gupdate1c9ba161de806d0);c:\program files\Google\Update\GoogleUpdate.exe [10/04/2009 20:54 133104]S2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [10/05/2006 18:13 29696]S3 MSKTZREU;MSKTZREU;c:\users\A\AppData\Local\Temp\MSKTZREU.exe --> c:\users\A\AppData\Local\Temp\MSKTZREU.exe [?]S3 ODLJPY;ODLJPY;c:\users\A\AppData\Local\Temp\ODLJPY.exe --> c:\users\A\AppData\Local\Temp\ODLJPY.exe [?]S3 TSQLGMFR;TSQLGMFR;c:\users\A\AppData\Local\Temp\TSQLGMFR.exe --> c:\users\A\AppData\Local\Temp\TSQLGMFR.exe [?]S3 ZGMCCCLRIZ;ZGMCCCLRIZ;c:\users\A\AppData\Local\Temp\ZGMCCCLRIZ.exe --> c:\users\A\AppData\Local\Temp\ZGMCCCLRIZ.exe [?].Contents of the 'Scheduled Tasks' folder2009-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-10 19:54]2009-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program 
files\Google\Update\GoogleUpdate.exe [2009-04-10 19:54]2009-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3830869421-3057737815-4287278643-1001Core.job- c:\users\A\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-05 18:05]2009-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3830869421-3057737815-4287278643-1001UA.job- c:\users\A\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-05 18:05]..------- Supplementary Scan -------.uStart Page = hxxp://bt.yahoo.commStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=Pavilion&pf=desktopuInternet Settings,ProxyOverride = *.localIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000IE: Pobierz wszystkie VIdeo za pomoca BitCometIE: Pobierz wszystko za pomoca BitCometIE: Pobierz za pomoca BitCometTrusted Zone: motive.com\pbttbc.btDPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game02.zylom.com/activex/zylomgamesplayer.cabFF - ProfilePath - c:\users\A\AppData\Roaming\Mozilla\Firefox\Profiles\c0s4re68.default\FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl/FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\---- FIREFOX POLICIES ----c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");c:\program files\Mozilla 
Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);c:\program 
files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", 
"https://www.google.com/loc/json");.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-07-21 20:28Windows 6.0.6001 Service Pack 1 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'Explorer.exe'(6432)c:\windows\TEMP\logishrd\LVPrcInj01.dll.------------------------ Other Running Processes ------------------------.c:\windows\System32\audiodg.exec:\program files\Alwil Software\Avast4\aswUpdSv.exec:\program files\Alwil Software\Avast4\ashServ.exec:\program files\Alwil Software\Avast4\ashDisp.exec:\windows\System32\igfxsrvc.exec:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exec:\program files\Common Files\LightScribe\LSSrvc.exec:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exec:\program files\Common Files\Motive\McciCMService.exec:\windows\System32\WUDFHost.exec:\program files\Alwil Software\Avast4\ashMaiSv.exec:\program files\Alwil Software\Avast4\ashWebSv.exec:\program files\Windows Media Player\wmpnetwk.exec:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exec:\windows\servicing\TrustedInstaller.exe.**************************************************************************.Completion time: 2009-07-21 20:34 - machine was rebootedComboFix-quarantined-files.txt 2009-07-21 19:34ComboFix2.txt 2009-07-21 19:14Pre-Run: 186,736,443,392 bytes freePost-Run: 186,690,310,144 bytes free434 --- E O F --- 2009-07-20 16:42
sweet lady (author), comment, 21 July 2009: And I ran the scan with 1) Avast, 2) Spybot. If you know of anything better, I'd be grateful. :lol:
kabi95, comment, 21 July 2009: "And I ran the scan with 1) Avast," Better to scan with Kaspersky online.